Source code for tcms.utils.github
# Copyright (c) 2019-2024 Alexander Todorov <atodorov@MrSenko.com>
import hashlib
import hmac
from django.http import HttpResponseForbidden
[docs]
def calculate_signature(secret, contents):
"""
Calculate GitHub signature header.
WARNING: both parameters must be bytes, not string!
"""
return "sha1=" + hmac.new(secret, msg=contents, digestmod=hashlib.sha1).hexdigest()
[docs]
def verify_signature(request, secret):
"""
Verifies request comes from GitHub, see:
https://developer.github.com/webhooks/securing/
"""
signature = request.headers.get("X-Hub-Signature", None)
if not signature:
return HttpResponseForbidden()
expected = calculate_signature(secret, request.body)
# due to security reasons do not use '==' operator
# https://docs.python.org/3/library/hmac.html#hmac.compare_digest
if not hmac.compare_digest(signature, expected):
return HttpResponseForbidden()
return True # b/c of inconsistent-return-statements
[docs]
def repo_id(url):
"""
Return an owner/repository combo given a URL
"""
result = url.strip().strip("/").lower()
result = (
result.replace("https://", "").replace("http://", "").replace("github.com/", "")
)
return result